class RuboCop::Cop::GitlabSecurity::PublicSend
Checks for the use of `public_send`, `send`, and `__send__` methods.
If passed untrusted input, these methods can be used to call arbitrary methods on the receiver on behalf of an attacker.
@example
  # bad
  myobj.public_send("#{params[:foo]}")

  # good
  case params[:foo].to_s
  when 'choice1'
    items.choice1
  when 'choice2'
    items.choice2
  when 'choice3'
    items.choice3
  end
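As an added illustration (not code from the gitlab-security gem), the dynamic dispatch the cop flags beside the allowlist forms that keep the set of reachable methods closed; the `Items` class and its methods are hypothetical:

```ruby
# Added example, not part of the gitlab-security gem: the dynamic dispatch the
# cop flags, beside the allowlist forms that keep the reachable methods closed.

# Hypothetical receiver: three methods a user may pick, plus one that must never
# be reachable from a request parameter.
class Items
  def choice1; 'report 1'; end
  def choice2; 'report 2'; end
  def choice3; 'report 3'; end
  def destroy_all; 'everything deleted'; end
end

# bad: the method name is taken from the request, so every public method on the
# receiver (destroy_all included) becomes callable by whoever controls params.
def dispatch_unsafe(items, params)
  items.public_send(params[:foo].to_s)
end

# good: explicit case allowlist, as in the cop's own @example. Any other value,
# including 'destroy_all', falls through and returns nil; the caller can then
# reject the request instead of calling anything.
def dispatch_safe(items, params)
  case params[:foo].to_s
  when 'choice1' then items.choice1
  when 'choice2' then items.choice2
  when 'choice3' then items.choice3
  end
end

# Equivalent closed mapping for longer lists. The receiver is fixed and the
# symbol comes from a frozen table, not from the request, so the reachable set
# is still exactly three methods.
ALLOWED_CHOICES = { 'choice1' => :choice1,
                    'choice2' => :choice2,
                    'choice3' => :choice3 }.freeze

def dispatch_allowlisted(items, params)
  method_name = ALLOWED_CHOICES[params[:foo].to_s]
  method_name && items.public_send(method_name)
end
```

The cop is purely syntactic, so `dispatch_allowlisted` is still reported (it is a `public_send` call with an argument); the guard has to be confirmed in review before that offense is silenced.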
Constants
- MSG
Public Instance Methods
on_send(node)
  # File lib/rubocop/cop/gitlab-security/public_send.rb, line 30
  def on_send(node)
    # send? is the cop's node matcher for public_send / send / __send__ calls;
    # `match` is the matched method name used in the offense message.
    send?(node) do |match|
      # A bare `send`-family call with no arguments cannot dispatch on input.
      next unless node.arguments?

      add_offense(node, location: :selector, message: format(MSG, match))
    end
  end